Skip to content

Commit 61d0578

Browse files
poetteringpoettering
committed
add new portable service framework
This adds a small service "systemd-portabled" and a matching client "portablectl", which implement the "portable service" concept. The daemon implements the actual operations, is PolicyKit-enabled and is activated on demand with exit-on-idle. Both the daemon and the client are an optional build artifact, enabled by default rhough.
1 parent 19017ac commit 61d0578

28 files changed

+4473
-0
lines changed

meson.build

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -138,6 +138,7 @@ testsdir = join_paths(prefixdir, 'lib/systemd/tests')
138138
systemdstatedir = join_paths(localstatedir, 'lib/systemd')
139139
catalogstatedir = join_paths(systemdstatedir, 'catalog')
140140
randomseeddir = join_paths(localstatedir, 'lib/systemd')
141+
profiledir = join_paths(rootlibexecdir, 'portable', 'profile')
141142

142143
docdir = get_option('docdir')
143144
if docdir == ''
@@ -1177,6 +1178,7 @@ foreach term : ['utmp',
11771178
'hostnamed',
11781179
'localed',
11791180
'machined',
1181+
'portabled',
11801182
'networkd',
11811183
'timedated',
11821184
'timesyncd',
@@ -1355,6 +1357,7 @@ subdir('src/import')
13551357
subdir('src/kernel-install')
13561358
subdir('src/locale')
13571359
subdir('src/machine')
1360+
subdir('src/portable')
13581361
subdir('src/nspawn')
13591362
subdir('src/resolve')
13601363
subdir('src/timedate')
@@ -1716,6 +1719,26 @@ exe = executable('systemctl', 'src/systemctl/systemctl.c',
17161719
install_dir : rootbindir)
17171720
public_programs += [exe]
17181721

1722+
if conf.get('ENABLE_PORTABLED') == 1
1723+
executable('systemd-portabled',
1724+
systemd_portabled_sources,
1725+
include_directories : includes,
1726+
link_with : [libshared],
1727+
dependencies : [threads],
1728+
install_rpath : rootlibexecdir,
1729+
install : true,
1730+
install_dir : rootlibexecdir)
1731+
1732+
exe = executable('portablectl', 'src/portable/portablectl.c',
1733+
include_directories : includes,
1734+
link_with : [libshared],
1735+
dependencies : [threads],
1736+
install_rpath : rootlibexecdir,
1737+
install : true,
1738+
install_dir : rootlibexecdir)
1739+
public_programs += [exe]
1740+
endif
1741+
17191742
foreach alias : ['halt', 'poweroff', 'reboot', 'runlevel', 'shutdown', 'telinit']
17201743
meson.add_install_script(meson_make_symlink,
17211744
join_paths(rootbindir, 'systemctl'),
@@ -2895,6 +2918,7 @@ foreach tuple : [
28952918
['rfkill'],
28962919
['logind'],
28972920
['machined'],
2921+
['portabled'],
28982922
['importd'],
28992923
['hostnamed'],
29002924
['timedated'],

meson_options.txt

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -79,6 +79,8 @@ option('localed', type : 'boolean',
7979
description : 'install the systemd-localed stack')
8080
option('machined', type : 'boolean',
8181
description : 'install the systemd-machined stack')
82+
option('portabled', type : 'boolean',
83+
description : 'install the systemd-portabled stack')
8284
option('networkd', type : 'boolean',
8385
description : 'install the systemd-networkd stack')
8486
option('timedated', type : 'boolean',

src/libsystemd/sd-bus/bus-common-errors.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,8 @@
4141
#define BUS_ERROR_NO_SUCH_USER_MAPPING "org.freedesktop.machine1.NoSuchUserMapping"
4242
#define BUS_ERROR_NO_SUCH_GROUP_MAPPING "org.freedesktop.machine1.NoSuchGroupMapping"
4343

44+
#define BUS_ERROR_NO_SUCH_PORTABLE_IMAGE "org.freedesktop.portable1.NoSuchImage"
45+
4446
#define BUS_ERROR_NO_SUCH_SESSION "org.freedesktop.login1.NoSuchSession"
4547
#define BUS_ERROR_NO_SESSION_FOR_PID "org.freedesktop.login1.NoSessionForPID"
4648
#define BUS_ERROR_NO_SUCH_USER "org.freedesktop.login1.NoSuchUser"

src/portable/meson.build

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
# SPDX-License-Identifier: LGPL-2.1+
2+
3+
systemd_portabled_sources = files('''
4+
portable.c
5+
portable.h
6+
portabled-bus.c
7+
portabled-image-bus.c
8+
portabled-image-bus.h
9+
portabled-image.c
10+
portabled-image.h
11+
portabled-operation.c
12+
portabled-operation.h
13+
portabled.c
14+
portabled.h
15+
'''.split())
16+
17+
if conf.get('ENABLE_PORTABLED') == 1
18+
install_data('org.freedesktop.portable1.conf',
19+
install_dir : dbuspolicydir)
20+
install_data('org.freedesktop.portable1.service',
21+
install_dir : dbussystemservicedir)
22+
install_data('org.freedesktop.portable1.policy',
23+
install_dir : polkitpolicydir)
24+
25+
install_data('profile/default/service.conf', install_dir : join_paths(profiledir, 'default'))
26+
install_data('profile/nonetwork/service.conf', install_dir : join_paths(profiledir, 'nonetwork'))
27+
install_data('profile/strict/service.conf', install_dir : join_paths(profiledir, 'strict'))
28+
install_data('profile/trusted/service.conf', install_dir : join_paths(profiledir, 'trusted'))
29+
endif

src/portable/org.freedesktop.portable1.conf

Lines changed: 117 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,117 @@
1+
<?xml version="1.0"?> <!--*-nxml-*-->
2+
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
3+
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
4+
5+
<!-- SPDX-License-Identifier: LGPL-2.1+ -->
6+
7+
<busconfig>
8+
9+
<policy user="root">
10+
<allow own="org.freedesktop.portable1"/>
11+
<allow send_destination="org.freedesktop.portable1"/>
12+
<allow receive_sender="org.freedesktop.portable1"/>
13+
</policy>
14+
15+
<policy context="default">
16+
<deny send_destination="org.freedesktop.portable1"/>
17+
18+
<!-- generic interfaces -->
19+
20+
<allow send_destination="org.freedesktop.portable1"
21+
send_interface="org.freedesktop.DBus.Introspectable"/>
22+
23+
<allow send_destination="org.freedesktop.portable1"
24+
send_interface="org.freedesktop.DBus.Peer"/>
25+
26+
<allow send_destination="org.freedesktop.portable1"
27+
send_interface="org.freedesktop.DBus.Properties"
28+
send_member="Get"/>
29+
30+
<allow send_destination="org.freedesktop.portable1"
31+
send_interface="org.freedesktop.DBus.Properties"
32+
send_member="GetAll"/>
33+
34+
<!-- Manager object -->
35+
36+
<allow send_destination="org.freedesktop.portable1"
37+
send_interface="org.freedesktop.portable1.Manager"
38+
send_member="GetImage"/>
39+
40+
<allow send_destination="org.freedesktop.portable1"
41+
send_interface="org.freedesktop.portable1.Manager"
42+
send_member="ListImages"/>
43+
44+
<allow send_destination="org.freedesktop.portable1"
45+
send_interface="org.freedesktop.portable1.Manager"
46+
send_member="GetImageOSRelease"/>
47+
48+
<allow send_destination="org.freedesktop.portable1"
49+
send_interface="org.freedesktop.portable1.Manager"
50+
send_member="GetImageUnitFiles"/>
51+
52+
<allow send_destination="org.freedesktop.portable1"
53+
send_interface="org.freedesktop.portable1.Manager"
54+
send_member="GetImageState"/>
55+
56+
<allow send_destination="org.freedesktop.portable1"
57+
send_interface="org.freedesktop.portable1.Manager"
58+
send_member="AttachImage"/>
59+
60+
<allow send_destination="org.freedesktop.portable1"
61+
send_interface="org.freedesktop.portable1.Manager"
62+
send_member="DetachImage"/>
63+
64+
<allow send_destination="org.freedesktop.portable1"
65+
send_interface="org.freedesktop.portable1.Manager"
66+
send_member="RemoveImage"/>
67+
68+
<allow send_destination="org.freedesktop.portable1"
69+
send_interface="org.freedesktop.portable1.Manager"
70+
send_member="MarkImageReadOnly"/>
71+
72+
<allow send_destination="org.freedesktop.portable1"
73+
send_interface="org.freedesktop.portable1.Manager"
74+
send_member="SetImageLimit"/>
75+
76+
<allow send_destination="org.freedesktop.portable1"
77+
send_interface="org.freedesktop.portable1.Manager"
78+
send_member="SetPoolLimit"/>
79+
80+
<!-- Image object -->
81+
82+
<allow send_destination="org.freedesktop.portable1"
83+
send_interface="org.freedesktop.portable1.Image"
84+
send_member="GetOSRelease"/>
85+
86+
<allow send_destination="org.freedesktop.portable1"
87+
send_interface="org.freedesktop.portable1.Image"
88+
send_member="GetUnitFiles"/>
89+
90+
<allow send_destination="org.freedesktop.portable1"
91+
send_interface="org.freedesktop.portable1.Image"
92+
send_member="GetImageState"/>
93+
94+
<allow send_destination="org.freedesktop.portable1"
95+
send_interface="org.freedesktop.portable1.Image"
96+
send_member="Attach"/>
97+
98+
<allow send_destination="org.freedesktop.portable1"
99+
send_interface="org.freedesktop.portable1.Image"
100+
send_member="Detach"/>
101+
102+
<allow send_destination="org.freedesktop.portable1"
103+
send_interface="org.freedesktop.portable1.Image"
104+
send_member="Remove"/>
105+
106+
<allow send_destination="org.freedesktop.portable1"
107+
send_interface="org.freedesktop.portable1.Image"
108+
send_member="MarkReadOnly"/>
109+
110+
<allow send_destination="org.freedesktop.portable1"
111+
send_interface="org.freedesktop.portable1.Image"
112+
send_member="SetLimit"/>
113+
114+
<allow receive_sender="org.freedesktop.portable1"/>
115+
</policy>
116+
117+
</busconfig>

src/portable/org.freedesktop.portable1.policy

Lines changed: 43 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,43 @@
1+
<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
2+
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
3+
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
4+
5+
<!-- SPDX-License-Identifier: LGPL-2.1+ -->
6+
7+
<policyconfig>
8+
9+
<vendor>The systemd Project</vendor>
10+
<vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url>
11+
12+
<action id="org.freedesktop.portable1.inspect-images">
13+
<description gettext-domain="systemd">Inspect a portable service</description>
14+
<message gettext-domain="systemd">Authentication is required to inspect a portable service.</message>
15+
<defaults>
16+
<allow_any>auth_admin</allow_any>
17+
<allow_inactive>auth_admin</allow_inactive>
18+
<allow_active>auth_admin_keep</allow_active>
19+
</defaults>
20+
</action>
21+
22+
<action id="org.freedesktop.portable1.attach-images">
23+
<description gettext-domain="systemd">Attach or detach a portable service</description>
24+
<message gettext-domain="systemd">Authentication is required to attach or detach a portable service.</message>
25+
<defaults>
26+
<allow_any>auth_admin</allow_any>
27+
<allow_inactive>auth_admin</allow_inactive>
28+
<allow_active>auth_admin_keep</allow_active>
29+
</defaults>
30+
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.systemd1.reload-daemon</annotate>
31+
</action>
32+
33+
<action id="org.freedesktop.portable1.manage-images">
34+
<description gettext-domain="systemd">Delete or modify portable service image</description>
35+
<message gettext-domain="systemd">Authentication is required to delete or modify a portable service image.</message>
36+
<defaults>
37+
<allow_any>auth_admin</allow_any>
38+
<allow_inactive>auth_admin</allow_inactive>
39+
<allow_active>auth_admin_keep</allow_active>
40+
</defaults>
41+
</action>
42+
43+
</policyconfig>

src/portable/org.freedesktop.portable1.service

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
# SPDX-License-Identifier: LGPL-2.1+
2+
3+
[D-BUS Service]
4+
Name=org.freedesktop.portable1
5+
Exec=/bin/false
6+
User=root
7+
SystemdService=dbus-org.freedesktop.portable1.service

0 commit comments

Comments
 (0)